CVE-2025-58622
BaseFortify
Publication date: 2025-09-03
Last updated on: 2026-04-23
Assigner: Patchstack
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| patchstack | mobile_contact_line_plugin | 2.4.1 |
| patchstack | mobile_contact_line_plugin | 2.4.0 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-862 | The product does not perform an authorization check when an actor attempts to access a resource or perform an action. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-58622 is a Broken Access Control vulnerability in the WordPress Mobile Contact Line Plugin up to version 2.4.0. It occurs due to missing authorization, authentication, or nonce token checks in certain plugin functions, which allows users with low privileges (Subscriber-level) to perform actions that should be restricted to higher-privileged users. This means that access control security levels are incorrectly configured, enabling unauthorized actions. [1]
How can this vulnerability impact me? :
This vulnerability can allow unprivileged users to perform actions reserved for higher-privileged users, potentially leading to unauthorized changes or access within the WordPress site using the Mobile Contact Line plugin. Although the severity is low (CVSS 4.3) and exploitation is considered unlikely, if exploited, it could compromise the integrity of the siteβs access control and lead to unauthorized modifications or misuse of plugin functions. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
Detection of this vulnerability involves checking if the WordPress Mobile Contact Line plugin version is up to and including 2.4.0, as these versions contain the broken access control issue. Since the vulnerability allows unprivileged users to perform higher-privileged actions due to missing authorization checks, monitoring for unusual privilege escalations or unauthorized actions by Subscriber-level users can help detect exploitation attempts. There are no specific commands provided for detection, but verifying the plugin version via WordPress admin or command line (e.g., wp plugin list) and monitoring logs for suspicious activity is recommended. [1]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include updating the Mobile Contact Line plugin to version 2.4.1 or later, where the vulnerability is fixed. If updating immediately is not possible, applying Patchstack's virtual patching (vPatching) can provide rapid protection against exploitation. Additionally, monitoring for unauthorized actions and, in case of compromise, engaging professional incident response or performing server-side malware scanning is advised. [1]